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Abstract 

A class of bilinear permutation polynomials over a finite field of 
characteristic 2 was constructed in a recursive manner recently which 
involved some other constructions as special cases. We determine the 
compositional inverses of them based on a direct sum decomposition 
of the finite field. The result generalizes that in [R.S. Coulter, M. 
Henderson, The compositional inverse of a class of permutation poly- 
nomials over a finite field, Bull. Austral. Math. Soc. 65 (2002) 
521-526]. 

Keywords Permutation polynomial; Bilinear polynomial; Compo- 
sitional inverse; Direct sum. 

1 Introduction 

Let F q be the finite field with q elements where q is a prime or a prime power, 
and ¥ q [x] be the ring of polynomials over ¥ q . For any /(x) G Fjx], it can 
induce a map from ¥ q to itself. f(x) is called a permutation polynomial 
if the map induced by it is bijective. In fact, we need only to consider 
polynomials of degree less than q when talking about permutation behavior 
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of them. Clearly, under the operation of composition of polynomials and 
subsequent reduction modulo (x q — x), the set of all permutation polynomials 
over F g forms a group which is isomorphic to S q , the symmetric group on 
q letters. Hence for any permutation polynomial f(x) G F g [sc], there exists 
a unique polynomial f _1 (x) 6 ¥ q [x] such that = = x 

mod (x q — x). J" 1 is called the compositional inverse of / (or vice versa). 

Discovering new classes of permutation polynomials is an old and impor- 
tant problem due to their applicable value in cryptography, coding theory 
and combinatorics. However, it is far from easy to do this. There are only 
a few classes of permutation polynomials known. See [9j [10] for a survey of 
this topic and [131 [TJ EJ [HI US], for example, for some recent progresses. 

Given a class of permutation polynomials, it seems to be an even more 
difficult problem to find the class of permutation polynomials that represent 
their compositional inverses. It was noted in [6] that only for permutation 
linear polynomials, monomials and Dickson polynomials, the compositional 
inverses could be explicitly determined. To the knowledge of the authors, this 
list was enlarged in recent years and compositional inverses of the following 
several other classes of permutation polynomials were determined: 

(1) Permutation polynomials of the form x r f(x s ) over ¥ q where s\(q — 1). 
Permutation behavior of such polynomials was studied in [121 CEO 12], and 
their compositional inverses were obtained in |14j . 

(2) The linearized polynomials over ¥ q n. A polynomial over ¥ q n of the 
shape L(x) = Y^=o a i x<1% is called a linearized polynomial. It is well known 
that L(x) is a permutation polynomial if and only if the matrix 



D, 



/ o-o cli ... a n _i \ 
i i i 

a n-l a • • • a n-2 



n-l „n-l n- 

\a\ a\ ... ag / 



is non-singular [TT] . In [15] the authors found that the compositional inverse 
of L(x) can be represented by cofactors of elements in the first column of Dl 
(see [15], Theorem 4.5]). 

(3) The bilinear polynomial x (Tr(x) + ax) over F q n where q is even and 
n is odd, proposed in [3]. Its compositional inverse was determined in [6] 
which is of a complicated form. 

In this paper, we focus on extending the list above. More definitely, we 
want to replace (3) in the above list with a more general case. A polynomial 



2 



over ¥ q n is called a DO polynomial if it is of the shape 

a ij x<1 +q ■ 

0<i,j<n-l 

A polynomial of the shape Li(x)L 2 (x) for two linearized polynomials over 
W q n is obviously a DO polynomial, which is called a bilinear polynomial in 
[3] . It was also raised as a problem finding bilinear permutation polynomials 
in [3], which could be reduced to the problem of finding bilinear permutation 
polynomials of the shape xL(x) for a linearized polynomial L(x). The special 
class in (3) above was constructed (see [3j Theorem 5]) and the compositional 
inverse class was obtained afterwards (see [HI Theorem 1]). 

We notice that the class in (3) was generalized in [1] in a recursive man- 
ner recently, thus it is a natural question how to generalize its compositional 
inverse to the compositional inverse of the generalized class of bilinear per- 
mutation polynomials. This is not direct since the method in [6] to obtain 
compositional inverse is a "guess and determine" one: verifying the result af- 
ter guessing it based on some experimental evidences. However, after further 
studying properties of such permutation polynomials, we can overcome this 
difficulty. The main idea of our method is to decompose the finite field into a 
direct sum of two subspaces, and represent the map induced by a univariate 
permutation polynomial f(x) by a bivariate permutation polynomial system 
f(y,z) = (fi(y, z), f2(y, z)). In the case f(x) is a bilinear polynomial we 
consider, the corresponding bivariate polynomial system f(y, z) is of a trian- 
gular form: f\(y, z) is independent of the variable z. We can get the inverse 
polynomial system after overcoming the difficulty of determining the inverse 
of a permutation induced by a linearized polynomial on a component of the 
direct sum decomposition of the finite field. To summarize, we transform 
the problem of computing inverse of a non-linear map on the finite field to 
the problem of computing inverse of a linear map on a subspace of it, which 
seems much easier to solve. 

The rest of the paper is organized as follows. In Section 2 we recall 
some constructions of bilinear permutation polynomials and determine their 
compositional inverses. In Section 3 we explain our method to obtain the 
results. Concluding remarks are given in Section 4. 
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2 Bilinear permutations and their composi- 
tional inverses 

We denote the trace map from ¥ q n to ¥ q by Try „ /p ? or Tr for simplicity when 
it will not cause confusion, that is 

n-l 

Tr(x) = ^x q \ x e ¥ q n. 

Throughout the rest of the paper we only consider finite fields of characteristic 
2. 

We firstly recall the construction of a class of bilinear permutation poly- 
nomials proposed in [3J. 

Theorem 2.1 ([3J). Let q be even and n be odd. Then the polynomial 

f(x) = x (Tr(x) + ax) 

is a permutation polynomial over ¥ gn for all a £ F g \{0, 1}. 

In [1] Laigle-Chapuy generalized this construction in a recursive manner. 

Theorem 2.2 (|4J). Let q be even and n be odd. Assume xL(x) is a bilinear 
permutation polynomial over ¥ q for a linearized polynomial L(x) £ F 9 [x]. 
Then the polynomial 

F(x) = x (L(Tr(x)) + aTr(a;) + ax) 
is a bilinear permutation polynomial over ¥ q n for any a £ F* 

Note that the polynomial in Theorem 12.11 can be derived from Theorem 
12.21 by setting L(x) = x. In the following we will propose the compositional 
inverse of F(x) given in Theorem 12.21 Firstly we remark that in representing 
maps from ¥ q n to itself by polynomials over F g n, we sometimes distinguish 
- with x qU ~ 2 . For example, we use ^ to represent Tr(x) 9 ' l ~ 2 = Tr(x) 9 ~ 2 . 

Besides, we sometimes use x 1//2 instead of x q "^ 2 . 



4 



Theorem 2.3. Use the same notations as in Theorem \2.S\ and let q = 2 m for 

a positive integer m. Assume the compositional inverse of xL(x) is g{x) G 
F g [x] . Then 



, n-l v 2J 
Oj I \ — -\ „2k 



F-\x) = g (Tr(x)) + J2 ^77^ ^JTT-, ( E 

+ a# (Tr(x)) 



#(Tr(x)) 

Proof. We proceed by directly verifying F -1 (F(x)) = x under subsequent 
reduction modulo (x 9 " — x). Firstly, it is obvious that 

Tr (F(x)) = Tr (xL(Tr(x)) + axTr(x) + ax 2 ) 

= Tr(x)L(Tr(x)) + aTr(x) 2 + aTr(x 2 ) 
= Tr(x)L(Tr(x)) 

as Tr(l) = 1 and Tr(x 2 ) = Tr(x) 2 . Thus 

g (Tr(F(x))) = g (Tr(x)L(Tr(x))) = Tr(x) 

since g(xL(x)) = x. Then 

m-l 2 J-1 

F-'(FW) = iK») + E , T , u ° n*cr 

lr(x)L ( lr(x)J 



3=0 



+ aTr(x^ 



Tr(x 

n-l 

(xL(Tr(x)) + axTr(x) + ax 2 ) 2 

fe=C 
m— 1 

Tr(x) + E 



a 2i-l 



3=0 



(L(Tr(x)) + aTr(x)) 2J+1 " 1 



■n,— 1 n-l 
IT" ~~ 2~~ 



(L(Tr(x)) + aTrix)) 23 ^* 22 ^ + a * E 



x 

fc=0 fc=0 



n-l 

771—1 2^—1 2 

^(L(Tr(x)) + aTr(x)f- 1 ^ 



5 



m—1 



,2i + L -l 



n-l 
2 



+ § (LfH-(i)) + aTY(x)) 2 ' H 



~E 



X 



2 i '2km-\-j-\-l 



k=0 



n-l 
2 

2km S. — ^ n(2k+l)m 

X 



k=0 



Tr(x) + J2x 2 ' 2km + E 

fc=0 
n-l 

Tr(x) + ^V* + 



fc=0 



□ 



Corollary 2.4. Lei q = 2 m and n be odd. Let f{x) be the bilinear permuta- 
tion polynomial defined in Theorem \2.1\ Then 



Tr(rx) 1 / 2 
1 + aV2 



2-'' 



m-1 2^ +1 -l I „2*'-l / 2 

x q 



3=0 



Tr(x 



1 2-' 



E 

k=0 



Proof. We let L(x) = x and replace a with in Theorem 12.21 Then 



F(x) 



x 



1 + a 



-Trfxl 



-x 



1 + a 



1 + a 
1 

1 + a 



x (Tr(x) + ax) 
/(*)■ 



Hence / 1 (x) = F 1 (jf^)- Then the result is obtained from Theorem 12.31 
noting that (xL(x))~ 1 = x 1 ! 2 . □ 



Remark 2.5. [6, Theorem 1] can be got from Corollary \2.J\ by replacing 
a by 1 + a for a G F 9 \{0, 1}. Though the compositional inverse deduced 



from Corollary 2.4 is not totally the same with that in Theorem 1] in 
representation, they are indeed the same polynomial after collections of terms. 

Recently, Dempwolff and Miiller constructed a new class of bilinear per- 
mutation polynomials in [7] using trace maps over a tower of finite fields in 
constructing translation planes of even order. 
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Theorem 2.6 Q7J). Let d\, d 2 , • • • , dh, n be all positive integers satisfying 
that d%\d 2 \ • ■ ■ \dh\n and is odd. Let Cj G F* d . ; 1 < % < h, such that 

Yl j= i Cj + for all i. Choose 1 < I < d x with gcd(2 dl - 1, 2 l + 1) = 1 and 
c G F* dl . Set 

L h +l (x)= I ^ °i I X + C * T ™:* ( X ) + C T ":di W > 

\ i=l / i=l 

where T n .^ denotes the trace map from F 2 « to F 2 d 4; 1 < i < h. Then 
Fh+i(x) = xLh+i(x) is a bilinear permutation polynomial over F 2 ™. 

Actually, we find that the polynomial Fh+\{x) in Theorem 12.61 can be 
obtained from Theorem 12.21 recursively (though maybe it was discovered in- 
dependently) in the following manner. Set 

L\(x) = cqx 21 G ¥ 2 d 1 [x] 

and 

Li{x) = Li^Td^^x)) + ^X^'j T <k:<k-x{ x ) + (^ Ci ) X G F2dl ^ 
for 2 < % < h. Finally we set 

Lh+i(x) = L h (T n , dh (x)) + (y~]c^j T n:dh (x) + c^j x G F 2 n[x] 

From the transitivity of the trace map, it is easy to verify that L h+1 (x) is 
just the one defined in Theorem 12.61 By Theorem I2.2[ we directly obtain 
that Fi(x) = xLi(x) is a permutation polynomial over F 2 ^ for 2 < i < h 
and F h+ i(x) is a permutation polynomial over F 2 «, since F 1 (x) = xLi(x) is 
a permutation polynomial over F 2 d 1 due to gcd(2 dl — 1, 2 l + 1) = 1. Hence 
F^\(x) can be derived from Theorem 12.31 inductively 

Corollary 2.7. Use notations the same as in Theorem \2.6i and the discus- 
sions after it, and let dh+i = n. Assume u(2 l + 1) = 1 mod (2 dl — 1) and 
Oi = X^7=i Cj,2<i<h + 1. Then 



kHz . 
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u 

X ' 



and for 2 < % < h + 1 ; 



Fr\ x ) = F-_\(T d , A ^{x)) 

di-\-l 

+ E 

i=o 



<*j/dj-l-l 



of" 1 



F-\(T di .. d ^(x)) 



+ a i T rfi:di _ 1 (x; 



2J+ 1 - 



- E 



fc=0 



3 The method to obtain Theorem 12.3 



The method we get Theorem 12.31 is not a "guess and determine" one, as a 
matter of fact. In this section we describe it in detail. 

Let q be even and n be odd. The for any c G ¥ q , Tr(c) = c, which implies 
that F q fl ker Tr = {0}, where ker Tr is the kernel of the trace map from ¥ q n 
to F g . Since F g and kerTr are 1-dimensional and (n — l)-dimensional vector 
spaces over ¥ q , respectively, the following lemma is straightforward. 

Lemma 3.1. Let q be even and n be odd. Then 

F g » = F q ©kerTr. 
Remark 3.2. The map to establish the isomorphism in Lemma \3. 1\ is 



: F g n 



F q © ker Tr 



x i — > (Tr(x), x + Tr(x)), 
and for (y, z) 6 W q © ker Tr, z)) = y + z. 

Now we consider the graph 



F„ 



F 9 © kerTr 



F(x) 



F(y,z) 



-* F q © ker Tr 
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where F(x) is the bilinear permutation polynomial defined in Theorem 12. 2\ 
and F(y, z) is a bivariate polynomial system the map induced by which can 
make the graph commutative. Let y = Tr(x) and z = x + Tr(x). Since 



Tr(F(x)) = Tr(a;)L(Tr(x)) = yL(y) 



and 



F(x) + Tr(F(x)) 



(y + z)L(y) + a(y + z)y + a(y + zf + yL(y) 
az 2 + (L(y) + ay)z, 



we have 



F(y,z)= (yL{y) 



az 2 + (L(y) + ay)z) . 



yL(y) is a permutation polynomial over ¥ q as stated, thus az 2 + (L(y) + ay)z 
can induce a permutation of ker Tr for any |/eF g since F(y, z) can induce a 
permutation of ¥ q © ker Tr. In fact, F(y, z) is a bivariate polynomial system 
of the so-called triangular form, so the inverse polynomial system can be 
obtained in case we can get the inverse of the permutation of ker Tr. 

Lemma 3.3. Let q = 2 m and n be odd. Let P c (x) = x 2 + cx for any c G F* 
Then P c (x) can induce a permutation of ker Tr and the polynomial that can 
induce its inverse map is 



(We call P c (x) a permutation polynomial over ker Tr and P c 1 (x) its compo- 
sitional inverse.) 

Proof. Obviously, for any x G kerTr, P c (x) G kerTr. Furthermore, P c {x) 
induces an F2-linear transformation of the vector space ker Tr, the kernel of 
which is {0} since P c (x) = implies x = or x = c but c G^ kerTr. Hence 
the linear transformation induced by P c (x) is invertible. For any x G kerTr, 




m— 1 2 



j=0 k=0 
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_ c-i 2 ^ 1 - 1 ) x 22km+j+i _|_ c _(2j_i) ^2 x 22km+j 

j=0 k=0 j=0 k=0 

n — 1 71 — 1 

E2(2fe + l)m ^ — \ 2 2fcm 
X + / ; X 

k=0 k=0 

= Tr(x) + x 
= x. 

Hence P~ 1 (x) is just the compositional inverse of P c (x) over kerTr. □ 

Remark 3.4. In fact, P~ l (x) in Lemma lST^ is not got fully by guessing and 
determining. Since P c (x) is a linearized permutation polynomial over kerTr, 
we can assume P~ 1 (x) = d{X T . However, we cannot expect to get 

P~ l (P c (x)) = x over ¥ q n since P c (x) is not a permutation polynomial over 
F g n. Hence we expect to get P~ 1 (P c (x)) = x + Tr(x) = x 2 ™ + x 2 m + ■ ■ ■ + 
x 2( " 1)m as we will be limited to ker Tr 7 which leads to a system of equations 



d 2 _ x + cdi = if i ^ km 
d 2 _ x + cdi = 1 if i — km 



> , , < i < mn — 1, 1 < k < n — 1. 



Solving this system we obtain di = c { - 23+1 ^ when k is even and di = when 
k is odd for i = km + j , < j < m — 1 , < k < n — 1 . 

Now for (Y, Z) e ¥ q © ker Tr\{(0, 0)}, we assume 
| yL(y) = Y 

I az 2 + (L(y) + ay)z = Z . 

Let g(x) G ¥ q [x] be the compositional inverse of the permutation polynomial 
xL(x) over ¥ q and P c (x) be the polynomial defined in Lemma [3. 31 Then we 

get 

y = g(Y) 

1 . 

_ p-i / _ i = Q „2 2fcm +j 
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If we let (Y, Z) = (0, 0) in the above equalities, we get (y, z) = (0, 0). Hence 
we derive that the inverse system of F(y, z) is just 

/ \ 

-,23-1 



F-\y,z) 



m—l 



g(y), 



a 



\ 



23+1 - 



n-l 
2 

fc=0 



/ 



since g(y)L(g(y)) = y. Now we go back to ¥ qn by setting x = y + 2 where 
2/ = Tr(x) and z = x + Tr(x), and get 

F-\x) = (f)~ 1 (F~ 1 (y, z)) 



m—l 



g(Tr(x)) + 



a 



23-1 



X 



'"(^)) +a9(TrW) 



23+1 



T ]T(:r + Tr(:r)) 



22fcm+j 



fc=0 



m—l 



a 



23-1 



n-1 
2 



( Tt ( x ) 
\g(Tr(x)) 



+ ag(Tr(x)) 



23 + 1 



-E 



X 



22km+j 



k=0 



m—l 



^ n+ 1 ^ 



a 2J ~ 1 Tr(x) 2J 



U(Tr(x)) 



ag(Tr(x)) 



23+ 1 -! ' 



Note that 



m—l 



E 



23 + 1-1 



^R) +Q ^ (Tr(x) ^ 



i 



Tr(x) 



+ ag(Tr(a;) 



a 2 ^(Tr(x)) 2J+1 



a z g(Tr(x) 
Tr(x) 



93+1 



23 



•TV 



F 2 m /F 2 



\ 



1 



Tr(x) + a^(Tr(x)) 2 



\a^(Tr(x)) 2 Tr(x) / 
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= 



using the following lemma. We finally obtain the result in Theorem 12.31 
Lemma 3.5. Let r be a positive integer. Then for any e G F2^, 

Tr F2r/F2 (^ e + e _^j = 0. 

(Recall that we distinguish ~ and 0" 1 with 2 '~ 2 = 0.) 
Proof. Since 

1 e e+1 + 1 1 1 

+ 



e + e" 1 e 2 + l (e + 1) 2 e+1 ' (e + 1) 2 ' 
the result is straightforward to get. □ 

4 Concluding remarks 

In this paper, we derive the compositional inverse of a class of bilinear per- 
mutation polynomials over a finite field of characteristic 2, which can serve 
as a new class of permutation polynomials over finite fields. The main ob- 
servation we make is the special structure of the maps induced by this class 
of permutation polynomials: they can be represented by a class of bivariate 
polynomial systems which are of triangular shapes after decomposing the fi- 
nite field into a direct sum of a subfield and the kernel space of the trace map. 
In fact, the class of bilinear polynomials in Theorem 12.61 can also be repre- 
sented by multivariate polynomial systems of triangular shapes considering 
the decomposition 

F 2 n = F 2dl © kerT d2:dl © kerT d3:d2 © • ■ ■ © ker T n . Ah . 
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Indeed, the corresponding polynomial systems are of the form 



/ x Li(x ), 

xi[Li(x ) + cix ] + cxxf, 

x 2 [L 2 (x + Xx) + (ci + c 2 )(x + Xx)] + (Ci + C 2 )X2, 



X ; 



L i ( Ei=o x j ) + ( E5=i c i ) ( Ei= x i 



+ Ef=i Cj a; 



>: 2 



L h + (Ej=i c j) (E^o 1 ^)] + (E?=i c j) ^ / 



Inverse polynomial systems of them can also be computed inductively using 
Lemma 13. 3[ which will lead to Corollary 12.71 after lifted back to univariate 
polynomials. 
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